Currently the CSS Fonts Level 4 Security and Privacy Considerations section has a single sentence:

“The system-ui keyword exposes the operating system’s default system UI font to fingerprinting mechanisms.”

This is insufficient. The Security and Privacy Considerations section needs to at a minimum include:

• Answers to the Security and Privacy Questionnaire from the W3C TAG: https://www.w3.org/TR/security-privacy-questionnaire/
• Explicitly note the fingerprinting dangers as being discussed in #4497

Labels: css-fonts, css-fonts-4